CompTIA Security+ SY0-701 Practice Question

A security administrator is reviewing the system logs of a recently compromised server. They notice several log entries with failed login attempts followed by a single successful login attempt from an unfamiliar remote IP address. After the successful login, there are commands executed that elevate the privileges of the newly logged-in user. Which of the following actions should the security administrator prioritize to mitigate the immediate threat?

Disable the compromised user account.
Conduct an immediate forensic analysis on the server.
Review and update firewall settings to restrict remote access.
Change the passwords for all user accounts.

CompTIA Security+ SY0-701

Security Operations

Your Score:

SAVE $49

CompTIA Security+ Voucher (SY0-701)

$404.00 $355.00

Bash, the Crucial Exams Chat Bot

AI Bot

CompTIA Security+ SY0-701 Practice Question

Answer Description

Ask Bash

Why is disabling the compromised user account the first step in mitigating the threat?

What is meant by privilege escalation, and why is it concerning in a security breach?

What should be the next steps after disabling the compromised account?

Monthly

$14.99

billed monthly
(cancel any time)

3 Month Pass

$34.99

One time purchase
Does not auto-renew.

Annual Pass

$59.99

One time purchase
Does not auto-renew.

Lifetime Pass

$119.99

One time purchase
Good for life.

All Certifications

Unlimited Practice Tests

Unlimited Questions

Zero Ads

Track scores

Report Cards

Major Voucher Discounts

Advanced PBQs

CompTIA Security+ SY0-701 Practice Question

Report Issue

Answer Description

Ask Bash

Why is disabling the compromised user account the first step in mitigating the threat?

What is meant by privilege escalation, and why is it concerning in a security breach?

What should be the next steps after disabling the compromised account?

Report Issue